CVE-2018-10845
5.9
MEDIUM
CVSS 3.1
EPSS 0.77%
Description
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext recovery attacks via statistical analysis of timing data using crafted packets.
How to fix CVE-2018-10845
To remediate CVE-2018-10845, upgrade the affected package to the fixed version listed below.
- Debian/gnutls28: upgrade to 3.5.19-1 or later
Is CVE-2018-10845 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.5.19-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |